Experts vs Experts: The Use of Antivirus

To use or not to use antivirus, that is the question

Speaking to security professionals at the RSA Conference in San Francisco, Wired learned that many of them don’t use antivirus at all, considering that it has lost its effectiveness. Other experts say that antivirus software is still useful and that statements like this should never be made by those in the security business.

In the red corner we have Jeremiah Grossman, CTO at WhiteHat Security, who claims that experts don’t rely on antivirus solutions because if someone attacks them, they will do it using means that commercial protection software can’t deal with effectively.

He also believes that companies are spending too much on antivirus applications and firewalls.

Dan Guido, the CEO of Trail of Bits, mostly agrees with him, revealing that only professionals working in regulated industries utilize antivirus. He describes going on the offensive on security as the way to counterattack hacktivists, fraudsters, and advanced persistent threats (APTs).

“You need to attack the system that they have developed to take advantage of your flaws. That’s the name of the game,” he told Wired.

The ones in the middle of this argument say that not having malware protection would be “foolish” for a company.

Ruggero Contu, a Gartner analyst, thinks that security solutions providers are doing a good job with their products, but he admits that money spent on more untraditional defense mechanisms, such as changing business models and learning how attacks work, may also be a good investment.

In the blue corner, the representative of security experts who believe that antivirus is a must, we find ESET Senior Research Fellow David Harley. He is concerned that the experts’ opinions may be misleading for regular users who may be tempted to remove AV from their devices just because everyone does so.

“AV is not The Answer, or any sort of 100% solution, but nor are whitelisting, or detailed DIY log analysis, or the other panaceas du jour. I agree that the man in the street shouldn’t think that because he has AV or a personal firewall, he’s Safe: it’s perfectly true that AV can’t detect everything,” Harley says.

“Though it’s not true to say that AV relies on static signatures and detects only known malware, and all the other stuff that's parroted year after year by people who should know better.”

In his opinion, a decent Internet security suite combined with some common sense can do wonders. He claims that even though AV doesn’t guarantee safety from malicious elements, it still detects a decent amount of malware and offers that extra layer of security.

“And you should also bear in mind that some of the security experts who are denigrating AV en masse right now have their own commercial agendas to push, in favour of other technologies that are not the 100 Per Cent Solution either,” the expert concludes.